An OAuth-based LDF (local database of friend list) in IoT networks

Author: Kholkhodjaeva Guljakhon

Journal: Форум молодых ученых @forum-nauka

Article in issue: 3 (7), 2017.

Free access

Short URL: https://sciup.org/140277988

IDR: 140277988

Article text: An OAuth-based LDF (local database of friend list) in IoT networks

[2] OAuth is an open standard authorization protocol which allows users to grant a third-party application access to restricted resources without providing their credentials. Figure 1 shows the standard OAuth 2.0 protocol flow. The OAuth protocol works as follows:

1. When a user tries to access the IoT network, the user is first directed to the security manager.
2. [3] The security manager redirects the user to the service provider.
3. The user grants access to the security manager through the service provider.
4. The service provider directs the user to the security manager with the authorization code.
5. The security manager uses its client ID and the authorization code to request the access token.
6. After verifying the client ID and authorization code, the service provider grants an access token to the security manager.
7. The security manager uses this access token to access the user information by making an API call to the service provider.
8. [4] The service provider responds with the user information, including the user ID.
9. The user ID obtained from the service provider is compared with the list of user IDs in the local database.
10. If the user ID matches an entry in the database, the security manager grants access to the IoT network through the gateway.

The database management process in the security manager is shown in Figure 2:

Figure 2.

The database is built from the list of user IDs obtained from the friend list of the IoT network manager. The security manager requests a refresh token before the access token expires, for future synchronization between the friend list and the database. [5] The database is updated periodically using the refresh token obtained by the security manager. During a periodic update, the security manager compares the existing database with the latest friend list provided by the service provider, and the database is updated with the users added to or deleted from the friend list. [7] Alternatively, the IoT network manager can log in to the security manager application for instant synchronization between the friend list and the database. Once a user logs in to the IoT network, the user ID is obtained using the access token and compared with the user IDs in the database. If a match is found, the user can access the IoT network; otherwise the user is denied access, even though the user is an authorized user of the service provider.

[6] With the proposed approach, the IoT network manager can control which users access the network using the OAuth protocol. It also reduces the user's effort of creating multiple user IDs across different networks, and it relieves the IoT network manager of the effort of maintaining user information in each IoT network.
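The login check and the periodic friend-list synchronization described above, modeled in memory as an added example (it is not code from the article). `ServiceProvider`, `SecurityManager`, the client ID and the user names are constructed stand-ins, and refresh-token handling is simplified to a direct read of the provider's friend list.

```python
# Added example: in-memory model of the security manager's friend-list check.
# ServiceProvider and every ID/token here are constructed, not a real OAuth API.
import secrets

class ServiceProvider:
    """Hypothetical stand-in for the OAuth service provider."""
    def __init__(self, client_id, friends):
        self.client_id, self.friends = client_id, set(friends)
        self.codes, self.tokens = {}, {}

    def authorize(self, user_id):
        # The user grants access; the provider issues an authorization code.
        code = secrets.token_urlsafe(8)
        self.codes[code] = user_id
        return code

    def token(self, client_id, code):
        # Verify client ID and code; pop() makes the code single-use.
        user_id = self.codes.pop(code, None)
        if client_id != self.client_id or user_id is None:
            return None
        access = secrets.token_urlsafe(16)
        self.tokens[access] = user_id
        return access

    def userinfo(self, access_token):
        # API call that returns the user ID bound to the access token.
        return self.tokens.get(access_token)

class SecurityManager:
    def __init__(self, provider, client_id):
        self.sp, self.client_id = provider, client_id
        self.ldf = set()  # local database of friend-list user IDs

    def sync(self):
        # Periodic update: diff the latest friend list against the database.
        # (Assumption: the refresh-token exchange is omitted for brevity.)
        latest = set(self.sp.friends)
        added, removed = latest - self.ldf, self.ldf - latest
        self.ldf = latest
        return added, removed

    def login(self, code):
        # Fail closed: no token or unknown user ID means no gateway access.
        access = self.sp.token(self.client_id, code)
        user_id = self.sp.userinfo(access) if access else None
        return user_id is not None and user_id in self.ldf
```

A user who authenticates successfully at the provider but is absent from the local database is still denied, and a user removed from the friend list loses access at the next `sync()`, not before.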

References

  • R. Fielding et al., Hypertext Transfer Protocol -- HTTP/1.1, RFC 2616, Internet Engineering Task Force, Jun. 1999. [Online]. Available: http://www.ietf.org/rfc/rfc2616.txt
  • H. Tschofenig, The OAuth 2.0 Internet of Things (IoT) Client Credentials Grant, ACE, Internet-Draft, Mar. 2015.
  • E. Hammer-Lahav, The OAuth 1.0 Protocol, RFC 5849, Internet Engineering Task Force, Apr. 2010.
  • T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246, Internet Engineering Task Force, Aug. 2008. [Online]. Available: http://www.ietf.org/rfc/rfc5246.txt
  • D. Hardt, The OAuth 2.0 Authorization Framework, RFC 6749, Internet Engineering Task Force, Oct. 2012. [Online]. Available: http://www.ietf.org/rfc/rfc6749.txt
  • IPSO Alliance. [Online]. Available: http://www.ipso-alliance.org/, accessed Oct. 15, 2014.
  • Shamini Emerson, Young-Kyu Choi, Dong-Yeop Hwang, Kang-Seok Kim and Ki-Hyung Kim, An OAuth based Authentication Mechanism for IoT Networks.